March 07, 2018

NAFCU reiterates data security principles as hearing examines solutions

NAFCU was on hand as a House subcommittee held a hearing yesterday that explored possible legislative solutions to reform the nation's data security system. Ahead of the hearing, NAFCU's Brad Thaler sent a letter reiterating the principles credit unions would like to see addressed in any comprehensive data security legislation, and providing the association's thoughts on data security bills before the subcommittee.

Witnesses who testified at the hearing, held by the House Financial Services Subcommittee on Financial Institutions and Consumer Credit, represented the state of Massachusetts, the Consumer Data Industry Association, the Information Technology Industry Council and the Financial Services Roundtable.

NAFCU-sought draft legislation being worked on by Subcommittee Chairman Blaine Luetkemeyer, R-Mo., and Rep. Carolyn Maloney, D-N.Y., was one of two bills that were the focus of the hearing. The draft bill builds on provisions from the Data Security Act of 2015, which would have created a strong national data security standard for retailers, held them accountable for breaches on their end and recognized credit unions' compliance with the Gramm-Leach-Bliley Act.

In his letter to the subcommittee, Thaler, NAFCU's vice president of legislative affairs, wrote that NAFCU "appreciate[s] that the legislation maintains the status quo on the ability of credit unions to take a private right of action to recoup the costs suffered in a data breach." He provided some suggestions to strengthen the draft legislation.

The subcommittee also discussed the Promoting Responsible Oversight of Transactions and Examinations of Credit Technology Act (H.R. 4028), which NAFCU supports, Thaler wrote, as it would "help address some of the concerns about the gaps in regulation of large credit rating agencies."

NAFCU has been a leader in advocating for a strong national data security standard that ensures all entities that hold or collect consumers' personal financial information are held to similar standards as credit unions.

Thaler's full letter includes NAFCU's data security principles.